Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/8LCZXWDLyLv6eORFWTYufaqnXGc.roa
File:                     8LCZXWDLyLv6eORFWTYufaqnXGc.roa (raw, json)
Hash identifier:          zQH0a6PafBtBLKWrkMxsvyuhb/nC1Pe5AfvaGkWpLmk=
Subject key identifier:   F0:B0:99:5D:60:CB:C8:BB:FA:78:E4:45:59:36:2E:7D:AA:A7:5C:67
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       0196DD9289BDE346213E2ED461883222E688
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/8LCZXWDLyLv6eORFWTYufaqnXGc.roa
Signing time:             Sat 17 May 2025 09:28:10 +0000
ROA not before:           Sat 17 May 2025 09:28:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214432
IP address blocks:        46.236.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:dd:92:89:bd:e3:46:21:3e:2e:d4:61:88:32:22:e6:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: May 17 09:28:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0b0995d60cbc8bbfa78e44559362e7daaa75c67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:1a:50:cb:4b:a6:0e:38:c8:8b:3a:cb:cd:c3:
                    0e:40:d9:98:b9:65:a7:35:43:f7:13:e8:5d:bb:76:
                    42:a2:42:56:45:12:4f:70:c1:8e:85:1b:fd:ea:38:
                    9d:92:e2:18:36:2e:c4:01:e8:cf:9f:c5:89:93:a2:
                    43:26:19:cf:97:f5:26:27:9d:31:dd:c6:ea:76:cd:
                    1d:bd:e4:48:87:55:c6:08:f8:77:58:5e:f4:47:48:
                    8f:fc:3e:36:00:62:9d:cd:00:2e:81:73:ac:15:d2:
                    fc:f1:56:67:e1:1e:a6:f3:fe:db:b1:2e:40:02:e1:
                    52:cd:21:e6:76:3c:dd:fa:a6:29:ba:a2:ab:35:f8:
                    9a:c9:cc:59:7a:0f:d2:39:26:ff:2a:e2:c9:56:f3:
                    0f:b4:c6:72:fb:57:d6:26:ca:e8:21:78:ce:2e:9c:
                    93:dc:d1:83:21:ef:53:b7:4b:20:1e:60:e3:b7:e4:
                    0a:37:e8:dc:af:dc:e4:66:05:b6:1c:00:53:ee:74:
                    cf:a1:2d:d5:03:25:9d:dc:4b:24:a0:28:b3:89:1b:
                    cc:ef:b7:0b:53:52:6d:25:f9:09:f1:28:34:85:2f:
                    ff:ff:a7:62:11:fe:f2:fb:17:6c:32:57:4e:3d:8b:
                    78:66:26:85:09:b0:ac:2f:6d:70:92:c5:22:25:e2:
                    fd:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:B0:99:5D:60:CB:C8:BB:FA:78:E4:45:59:36:2E:7D:AA:A7:5C:67
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/8LCZXWDLyLv6eORFWTYufaqnXGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:7d:9f:7c:89:9f:de:62:f0:00:fc:c6:0c:94:bb:71:80:2b:
         58:d8:e1:17:52:70:7a:6f:61:d0:f3:a6:c4:5e:0a:36:9e:a5:
         3f:5f:e6:c5:bf:be:56:ba:b5:71:27:75:21:56:07:2b:20:12:
         af:07:c1:50:e7:84:e0:7f:98:87:c3:3d:70:86:e2:62:be:48:
         06:b4:94:00:a4:4a:ab:7b:f5:56:3b:5d:ce:b9:38:54:8b:a4:
         9d:4a:aa:d0:28:2d:c8:8d:07:e2:e8:66:52:9d:cc:08:d6:9b:
         af:1e:66:af:05:06:24:84:3c:3e:ca:1d:b2:d0:b5:9a:cb:48:
         bd:f4:4c:7e:af:e8:05:39:a8:40:36:61:c0:00:ae:07:fb:c7:
         e2:76:94:23:3a:7f:c9:99:84:e4:d6:53:06:ac:c1:ea:89:e4:
         f5:21:6a:79:9b:b3:f9:c8:09:76:02:cb:05:1b:f1:62:e2:bc:
         07:76:79:d5:48:be:d7:2e:16:7f:fa:30:a1:37:62:c4:14:4a:
         55:73:dd:06:46:61:be:93:a6:86:85:99:7b:fe:d3:c6:0f:ba:
         23:4f:77:87:49:67:5f:77:b2:cd:d9:0f:c7:b4:cc:09:85:e5:
         76:87:e5:83:c3:a4:d0:a8:0b:17:25:bb:38:da:31:96:91:41:
         81:df:dc:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbdkom940YhPi7UYYgyIuaIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNTE3MDkyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGIwOTk1ZDYwY2JjOGJiZmE3OGU0NDU1OTM2MmU3ZGFhYTc1YzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgxpQy0umDjjIizrLzcMOQNmYuWWn
NUP3E+hdu3ZCokJWRRJPcMGOhRv96jidkuIYNi7EAejPn8WJk6JDJhnPl/UmJ50x
3cbqds0dveRIh1XGCPh3WF70R0iP/D42AGKdzQAugXOsFdL88VZn4R6m8/7bsS5A
AuFSzSHmdjzd+qYpuqKrNfiaycxZeg/SOSb/KuLJVvMPtMZy+1fWJsroIXjOLpyT
3NGDIe9Tt0sgHmDjt+QKN+jcr9zkZgW2HABT7nTPoS3VAyWd3EskoCiziRvM77cL
U1JtJfkJ8Sg0hS///6diEf7y+xdsMldOPYt4ZiaFCbCsL21wksUiJeL9LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCwmV1gy8i7+njkRVk2Ln2qp1xnMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvOExDWlhXREx5THY2ZU9SRldUWXVmYXFuWEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuzNMA0G
CSqGSIb3DQEBCwUAA4IBAQAAfZ98iZ/eYvAA/MYMlLtxgCtY2OEXUnB6b2HQ86bE
Xgo2nqU/X+bFv75WurVxJ3UhVgcrIBKvB8FQ54Tgf5iHwz1whuJivkgGtJQApEqr
e/VWO13OuThUi6SdSqrQKC3IjQfi6GZSncwI1puvHmavBQYkhDw+yh2y0LWay0i9
9Ex+r+gFOahANmHAAK4H+8fidpQjOn/JmYTk1lMGrMHqieT1IWp5m7P5yAl2AssF
G/Fi4rwHdnnVSL7XLhZ/+jChN2LEFEpVc90GRmG+k6aGhZl7/tPGD7ojT3eHSWdf
d7LN2Q/HtMwJheV2h+WDw6TQqAsXJbs42jGWkUGB39z7
-----END CERTIFICATE-----